The Nvidia Display Driver Service is found vulnerable to a stack buffer overflow that could enable an attacker to gain administrative control of Windows machines. A WordPress misconfiguration opens bloggers' password hashes and other information to compromise.
Two banking threats concern US financial institutions: Trojan.Stabuniq continues to spread, and the Comptroller of the Currency warns banks to expect denial-of-service attacks, and to prepare themselves appropriately. In Australia, ransomware proliferates, aided by a black market in "how-to" kits. A New York state audit of public school IT systems finds them startlingly vulnerable to many forms of hacking.
As we enter the year's last weekend, 2012 trend and 2013 forecast stories dominate the cyber news. Among the more interesting predictions (by McAfee) are less Anonymous-style hacktivism (replaced by "patriotic" hacking) and more crimeware-as-a-service. Discovery looks at Kaspersky's 2012 predictions and finds that they held up fairly well.
The US approaches its Federal fiscal cliff, and large defense contractors expect and prepare for the worst.
Dark Reading offers an apparently contrarian take on cyber defense-in-depth: it doesn't work, say experts. Further reading reveals a more familiar message: mere accretion of ad hoc security products and policies doesn't work. Instead, effective defense-in-depth should be designed as a comprehensive architecture with due attention to a particular enterprise's goals and needs.
As expected, China tightens access to the Internet. The US Senate's draft Intelligence Authorization Act contains provisions directed against Chinese IT vendors. The Department of Justice is investigating HP's acquisition of Autonomy for possible fraud.